Chapter 1

Question 1

Keeping data, software, and hardware secure against unauthorized access, use, disclosure, disruption, modification, or destruction.

Answer 1

Information Security

Question 2

The requirements that are set forth by laws and industry regulations

Answer 2

Compliance

Question 3

C.I.A.

Answer 3

Confidentiality
Integrity
Availability

Question 4

Allowing only those authorized to access the data requested

Answer 4

Confidentiality

Question 5

Keeping data unaltered by Accidental or Malicious intent

Answer 5

Integrity

Question 6

The ability to access data when needed

Answer 6

Availability

Question 7

The physical disposition of the media on which the data is stored

Answer 7

Possession/Control

Question 8

Allows you to say whether you’ve attributed the data in question to the proper owner or creator

Answer 8

Authenticity

Question 9

How useful the data is

Answer 9

Utility

Question 10

Attacks that allow unauthorized users to access your data, applications, or environments, and are primarily an attack against confidentiality

Answer 10

Interception

Question 11

Attacks that cause our assets to become unusable or unavailable for our use, on a temporary or permanent basis.

Answer 11

Interruption

Question 12

Attacks that involve tempering with assets.

Answer 12

Modification

Question 13

Attacks that involve generating data, processes, communications, or other similar activities with a system.

Answer 13

Fabrication

Question 14

The likelihood that an event will occur

Answer 14

Risk

Question 15

Events that could cause damage to assets

Answer 15

Threats

Question 16

A weakness that a threat event of the threat agent can take advantage of

Answer 16

Vulnerabilities

Question 17

An additional step that is taking into account the value of the asset being threatened

Answer 17

Impact

Question 18

Protecting the physical environment in which your system sits, or where your data is stored.

Answer 18

Physical Control

Question 19

Protects the systems, networks, and environments that process, transmit, and store your data

Answer 19

Technical/Logical Control

Question 20

Dictate how users of your environment should behave and are based on rules, laws, policies, procedures and guidelines

Answer 20

Administrative Control

Question 21

A model that adds three more principles to the CIA triad.

Answer 21

Parkerian Hexad

Question 22

Three principles added to the C.I.A.by the Parkerian Hexad

Answer 22

Possession/Control
Utility
Authenticity

Question 23

Forecasting and evaluation of financial risks together with the identification of procedures to avoid or minimize their impact.

Answer 23

Risk Management

Question 24

Risk Management Processes

Answer 24

Identify Assets
Identify Threats
Assess Vulnerability
Assess Risks
Mitigate Risks

Question 25

Identifying and categorizing the assets that we are protecting

Answer 25

Identify Assets

Question 26

Identify and categorize the threats that affect the assets. (Once the critical assets have been found)

Answer 26

Identify Threats

Question 27

Any given asset may have thousands or millions of threats that could impact it. It is important to ___________ _____________ in the form of potential threats.

Answer 27

Assess Vulnerabilities

Question 28

We ______ ________ once we have identified the the threats and vulnerabilities for a given asset.

Answer 28

Assess Risks

Question 29

Putting measures in place to help ensure that a given type of threat is accounted for.

Answer 29

Mitigate Risks

Question 30

Measures used to alleviate risk

Answer 30

Control

Question 31

Controls are divided into three categories

Answer 31

Physical
Logical
Administrative

Question 32

When risk management practices have failed and have caused an inconvenience to a disastrous event, you follow through with _____________

Answer 32

Incident Response

Question 33

Incident Response Cycle steps

Answer 33

Preparation
Detection and Analysis
Containment
Eradication
Recovery
Post Incident Activity

Question 34

Consists of all the activities you can perform ahead of time to better handle an incident

Answer 34

Preparation

Question 35

This is where the action begins. You detect an issue, decide whether it’s actually an incident, and respond to it appropriately.

Answer 35

Detection and Analysis

Question 36

Taking steps to ensure that the situation does not cause any more damage than it already has, or to at least lessen any ongoing harm

Answer 36

Containment

Question 37

The attempt to remove the effects of an issue from our environment

Answer 37

Eradication

Question 38

Restoring devices or data from backup media, rebuilding systems, or reloading applications. Going back to a certain state you were in prior to the indident

Answer 38

Recovery

Question 39

When we attempt to determine specifically what happened, why it happened, and what we can do to keep it form happening again

Answer 39

Post-Incident Activity

Question 40

Latin for after death

Answer 40

post-mortem